#------------------------------------------------------------------------------------------#
# Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosure #
# Date: Jul 30 2015 #
# Exploit Author: Dustin Dörr #
# Vendor Homepage: https://www.froxlor.org/ #
# Version: <= 0.9.33.1 #
#------------------------------------------------------------------------------------------#
An unauthenticated remote attacker is able to obtain the Froxlor MySQL username and password
via web access, due to incorrect file permissions on the /logs/ folder in Froxlor version
0.9.33.1 and earlier. The MySQL username and plain-text password may be stored in the
/logs/sql-error.log file, and this directory is publicly reachable by default.
Some default URLs are:
- http://example.com/froxlor/logs/sql-error.log
- http://cp.example.com/logs/sql-error.log
- http://froxlor.example.com/logs/sql-error.log
The relevant section of the log looks like this:
/var/www/froxlor/lib/classes/database/class.Database.php(279):
PDO->__construct('mysql:host=127....', 'DATABASE_USER', 'DATABASE_PASSWORD', Array)
Please note that string arguments in the logged trace are truncated to 15 characters,
so passwords longer than 15 characters are not fully visible to an attacker.
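Added example (not part of the advisory): a small Python filter that locates the PDO->__construct trace line shown above and redacts its username and password arguments, which is useful when scrubbing an sql-error.log that was exposed. The log excerpt, the credential values and the [REDACTED] marker are constructed assumptions.

```python
import re

# Constructed sample modelled on the trace line quoted in the advisory. PHP cuts
# string arguments in a trace to 15 characters and appends "...", which is why the
# DSN and the password below end in "...".
SAMPLE_LOG = """\
[error] SQLSTATE[HY000] [1045] Access denied for user 'froxlor'@'localhost'
#0 /var/www/froxlor/lib/classes/database/class.Database.php(279): PDO->__construct('mysql:host=127....', 'froxlor', 'S3cr3tDbPassw0r...', Array)
#1 {main}
"""

# Matches PDO->__construct('<dsn>', '<user>', '<password>' as PHP writes it into a trace.
PDO_CTOR = re.compile(
    r"PDO->__construct\('(?P<dsn>[^']*)',\s*'(?P<user>[^']*)',\s*'(?P<pw>[^']*)'"
)


def find_exposed_credentials(log_text):
    """Return (user, password_fragment, truncated) for every PDO constructor line.

    `truncated` is True when the logged password ends in "...", i.e. it hit the
    15-character trace limit and only a prefix of the real password is present.
    """
    hits = []
    for m in PDO_CTOR.finditer(log_text):
        pw = m.group("pw")
        hits.append((m.group("user"), pw, pw.endswith("...")))
    return hits


def redact_pdo_credentials(log_text):
    """Replace the username and password arguments with a fixed marker (assumed)."""
    def _redact(m):
        return "PDO->__construct('%s', '[REDACTED]', '[REDACTED]'" % m.group("dsn")
    return PDO_CTOR.sub(_redact, log_text)


if __name__ == "__main__":
    for user, pw, truncated in find_exposed_credentials(SAMPLE_LOG):
        print("exposed user=%r password_fragment=%r truncated=%s" % (user, pw, truncated))
    print(redact_pdo_credentials(SAMPLE_LOG))
```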
# 0day.today [2018-01-02] #